06-26-2009 10:00 AM - edited 03-06-2019 06:29 AM
Hi,
I have this scenario and need help.
Network with 4 VLANs
VLAN#1
name : User-VLAN
VLAN#2
name : Server-VLAN
VLAN#3
name : Guest-VLAN
VLAN#4
name : Internet-VLAN
How can I prevent the Guest VLAN from communicating with the other VLANs, except the Internet-VLAN?
All VLANs are created on a 3560 switch.
Routing protocol : OSPF
06-26-2009 10:58 AM
Hello Amin,
The easiest way to do it is to use an ACL applied to the SVI that denies access to the other VLANs' IP subnets and allows all other destinations.
I mean an extended IP ACL applied:
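! assumption: guest subnet is 10.10.100.0/24 (wildcard 0.0.0.255)
access-list 101 deny ip 10.10.100.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 101 permit ip 10.10.100.0 0.0.0.255 any
! apply ACL 101 inbound on the guest SVI
int vlan 3
 ip access-group 101 in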
Other, more advanced methods exist, but this is enough to create a guest VLAN.
Hope to help
Giuseppe
06-26-2009 11:38 AM
Hello,
Is it recommended to configure a DMZ VLAN on the core switch, or to have a dedicated switch and keep it away from the LAN?
What security config steps are required if the DMZ VLAN is configured on the core switch?